7a1a957ff277ea70e526bf2e7189b68106867f557501be694df0a3d7b56153ce

Analysis

max time kernel
91s
max time network
127s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11/10/2024, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

372ca7db77eb38762b4ea264d6e32a12_JaffaCakes118.dll
Size

494KB
MD5

372ca7db77eb38762b4ea264d6e32a12
SHA1

c1c6ef1a625e269a4533414470b9d56fd6a85f7c
SHA256

7a1a957ff277ea70e526bf2e7189b68106867f557501be694df0a3d7b56153ce
SHA512

cbf1edfc634e5122a03a0558f35490e7836923dfdaeb51bae1964ca65796270fc28eb1b9f6cd3ccf18a6afe5a877b9a7143880fbd5663df39bbfe746ae674d3e
SSDEEP

12288:cnxCXKO2eAPC7jYvRsCSmFgRjXD6b7MP+Dd2EAr:cnx1eeCov6CS2IjX67MP+h2f

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1B0F4D61-8822-11EF-A4A7-66E045FF78A1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000000e57fd834875b1beda016a51c5caf21c97bf9b3b0b9c925ffc1703204caa7149000000000e8000000002000020000000fef6854d28f94fa0eb79434a5a106a1f9ef355864f5868c46f7e75c16ccd6b5a9000000043b088e79474d52cb61b7b0bd15ecfc959902bad3b46ce458f483ca8a956816ca60ab4e74dc855245b055e515fd751d1d51de570fe1db880424603c9575a5944add4ac729ea15049d99ed69fac79f5f655ca68a1ddacd479454f9990ebb9f880ee34820edb7000a79323f8c600112e451d3800f5b5eb108a37fd48a83d147dc9c9bfb6546cb769ae6565439a58536b3840000000bcf6b0c9c07c7ada49bf103ee7e2948378344dca283843a58f7f694d5c3a82689d0919f7e7d39e68a6a845310da9c01e1d96ffa7b38377c7ba88f4d4c089c094	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08697ef2e1cdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434848420"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000163b9c26d09e575287b0989d5856aa8256822836be3511c9c567d3c69aff44cf000000000e8000000002000020000000f53c1072f2733d03311d117860b5121c0699cd9b6f516ebacbc682173b69b4bd200000004233db796e61f1ba689a2b5e829526aeefa76c44e6d20e1cb73a3762895d75b0400000006b0c7e7004541500873fac184e98d74218f161572daf658fe5d48f848cbad2f803440a4062c2e535bf781d06226079f65a6c9a156d25dc57ee15b3e8254dc683	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Modifies registry class 3 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	rundll32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2684	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2684	iexplore.exe
2684	iexplore.exe
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2656	2636	rundll32.exe	30
PID 2636 wrote to memory of 2656	2636	rundll32.exe	30
PID 2636 wrote to memory of 2656	2636	rundll32.exe	30
PID 2636 wrote to memory of 2656	2636	rundll32.exe	30
PID 2636 wrote to memory of 2656	2636	rundll32.exe	30
PID 2636 wrote to memory of 2656	2636	rundll32.exe	30
PID 2636 wrote to memory of 2656	2636	rundll32.exe	30
PID 2656 wrote to memory of 2684	2656	rundll32.exe	31
PID 2656 wrote to memory of 2684	2656	rundll32.exe	31
PID 2656 wrote to memory of 2684	2656	rundll32.exe	31
PID 2656 wrote to memory of 2684	2656	rundll32.exe	31
PID 2684 wrote to memory of 2564	2684	iexplore.exe	32
PID 2684 wrote to memory of 2564	2684	iexplore.exe	32
PID 2684 wrote to memory of 2564	2684	iexplore.exe	32
PID 2684 wrote to memory of 2564	2684	iexplore.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\372ca7db77eb38762b4ea264d6e32a12_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\372ca7db77eb38762b4ea264d6e32a12_JaffaCakes118.dll,#1
  2⤵
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2656
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.hackymas.com/
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
339a5b412310e6dce77b390a448a1581

SHA1
7ada4cdbc3924188f2444f5a321c537679db71eb

SHA256
6f63013648ee3f68845dbc2b554db81233029737289657fa324fb548d81c4caa

SHA512
27e2b6b2f0dd16f9a641e2646befd8f427cc9b1d021987194e94a84567b967b8a6d4e3f23d4b5dd4e82d36e95205d8d655cea378f44319927b352142b7d21dec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ae4cd20107ca867c0e666022ce12b82

SHA1
5f52ca978898253e8b04537c637ec794e4ded128

SHA256
a0a04875dd7d629f16ac2b443e64f2a062febe29f7278d29be8efb54cfceaf95

SHA512
c43a0522861f038b329d9d5592c72d4d210da107f6548445e02d2080df701308cd261b8fe3c57dfc9d7c4461cf0dd0a73da605a8000a00b7d493bc1d771b5b9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e955d6e2d60cc88c19eb18f0a4f0b52

SHA1
0db562a406298b0776d9123265d166ad36b65079

SHA256
7d15525781b17337a9efd1256a86575b22ea551f46839a9d1080d64ba4bd41da

SHA512
9f4295b9c6095db8bcb974c991ccd6be21c46ce72788ccec441d3a9656466b3eb385a9cc1287e616228363ffbd3707be8df7fbea9c75a571fc2ed4bc9005e2ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d309f1f5561e691ab3f97403125c405

SHA1
a35484203c0915fa1dd5f9aaa9a71c2902973abe

SHA256
970b233e3a029ba20ab894f57223ec817166186a92d7a9f95404cd9fc135205a

SHA512
e0a53226cf3ae416f4dab10bc47ed7f5ad3f699f72970aadac39b7b356c779b66bdd5243dcdfdec61f4da16d507c00f403f01809ee284e1fcb7b534a3c5378f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c2c77ffe646d36330633e7c4cff569c

SHA1
67eb99dcf681da7db54d42fc71a31697bd806ecb

SHA256
5806101c9f59bc1c54f5576709aa968d85c55dceb8a405e9a50b737a06a6def5

SHA512
c73a8c59bf58f025166cd9dde2543adabcaa4b47b752af094d9e8543a3bce5723a8eb95397f6aaef752e0c027426cee224ed030cb9c69252e2ea737189a33ea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b1aeb7ee1af3b2d1bf32048ed21c09e

SHA1
54a73c37c551232934b3a6304499bd31431e1a2c

SHA256
a90c7e6273d7edfe7371488d4d6fc0629fdd0ad51646de9e07407c026c703589

SHA512
9fc0a8abed453e01dabd10c7efd1e01a1daabdc04064a624a918143d7bb1ba4552b01f2fe948f566c769b74e6205249660f9324c6c8f286c37bf1af72d27f4bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9094298742495f7ae0fe3ab79c954d44

SHA1
00744741e77b7508cd47cf8e806a78467079dbf6

SHA256
6265b55b431b8dfae5064ea5b7517c8a67ef5214061252bd3bd0ccff03462be5

SHA512
2af9f53755b26e056bfea493a5cd820149355261a00dcaa5fc3ddaee6e99df6cda95cfdc2dc97f924dace04cd4788b05e93317492687d36fd164f2520624d3c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ec6e2a3ebf2be14d136db7d2a6e01f5

SHA1
098645a7db82a28f328884df4da67b9a4f156de6

SHA256
dca588078803225378f412b33aca6fc26e19c3df51094b8c76c54103b7a382b5

SHA512
221a3e91201426ef0ba3cf94576dfde30e0e003bd2672a0c4f32db15d3972dc5215bef533ae7f8b213cd8cb20d7b64c51714083fdc4dca6527482dd1f284590d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20a064ddb9f648e884ca153c6197242d

SHA1
491107d34bbd888cda99fa83ff3545996f933eed

SHA256
11a0861799e3df0f90fce9a3cc53af3ea8c3f9963b801f9b75629bd8fe434fb3

SHA512
c4b5283f8a98cb2288bb1bd44c19cce90fc0c64ca80b85f5cf3cdc3dc1af2d98b6c064991eec59c990dc4954de06906b31f1fac3fb5ec05e0ebb51b7f8649175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f922d4f2e6ad1d8ba0bdc739db80d53

SHA1
e2dae87f18e8b80a128a218aa984836bdcdeea52

SHA256
2f16c854f6f9b8e8eab05eee21152da8f220599f888cee45dba07434bf9cab68

SHA512
a941d9fa1b43156dd3378ba80fe84adcd9bdf81030943cf2e72a7a0652c93d6499efab132ec0ff34a3ac3fffde06683708ff17ce25b0fa994f4cfd51578045c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bc646ae0c61a830361d57bb267b2b1f

SHA1
5382eca8ca91d23ebf12f1e9af02960dc9c125d9

SHA256
eeac441f2918456dfc3c01ff524da9d8d87297c007b27530e1d7f5589f49c013

SHA512
b786412f8882e2cbd9b99ba659176da8780a777703f7a78c60abff9d3c378f4d46b8893d84b6daf34a08f5f0a393c364f5ae43c28a06b1202bb43015650cc1c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86a2dee8c23d7ae2f087f8ef8120a7ae

SHA1
580a462e034e6d8849538c574118294676820973

SHA256
a3546b40f4221555751010d15a6766be86f4ba1f5be7dca9188e95f8d21e5e33

SHA512
6ca51fd7258315e8b9198e4719df075dff69b34e8da1652967b8578e0c6714eb81ea0edcf40c40a519b64f409562ec26e9c0a353badf4dd678ace1f1f72f5b44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69a2f761a8fb35307cb321ac4154f64f

SHA1
f8699f36b0e2bb807d631df9e2a1b98c7716c868

SHA256
0a44ed0ed0a10199251eebced1a790c95ef62fec7019017c0cf4c45e439b30af

SHA512
4a7d2907d551714e6adb17e6b4e7100069aee5b0573da697c61bcac25e355571646d08b07dfc13249013c464c0ef011e57be8b7ac2ad68f41b5a95fd979215a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f24adbdee2fe52d25b1ee92cfef1ff37

SHA1
51501aa954ed34d606f69a8134feef9337b15918

SHA256
3dc6c38d9946f3fa7d83b2597513ad3b77ba7516ba066c8969bd2b81e36895b1

SHA512
09f305a527b453d10d1f557c809c84cd181a0b99423cd382b07eaf91f175e60857be9e4d3915f91d811eefdac1f61ca5862e9c7712bd38ed5007d4f2b785bef8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5ab68365be404d7f123377c377c90d6

SHA1
ae3fbe8ad2a40dd94f5129196480d4d36f834072

SHA256
55d2612dcf25934ea860bd6969593291323ff8ea34c508b7e8b5073fd015e917

SHA512
479ba3e58e2078dea32027d74c2922a450c333459d0eb39aa4e0fdff0d48f24c996ce077dc5a70105c764152932ea420b71524a1719e7bdb85ed7bee214845a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18728f262bc8c48434f3003bb4d4de98

SHA1
3ca23b3d19345cd2fef8c807510631e56c750af8

SHA256
07d4d97fd7f28f27e16fb7bfe94b2d2c852f4a45c3fe3d07a62e288b62783131

SHA512
b3bc3d9516b3e6cc8330daff6ee6c090d0a1769873a5e5f85fdb1b6b9c4b62d7fd38fe16295c9efecc8b1719644c9381397ad49e3443a228b91479f11134e143

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20ead1fedb9ea6a136c1357911bcfc9b

SHA1
1c9c426cda78c1fc147fcef5dd7c7b3db8c12c62

SHA256
df2d1e0fbf4219c7a3522bbda9f1352954c87273c2a081ba30a90ffd6a7efae9

SHA512
e22fa88e5e1e69000245dffb25bea3628854b37202cd6325b37fa9e1251e4f75d5870d682a2f4e0258b461565b4fc2cbbb01393ba062646905c7de5b60cbda82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58f7dd3f946da7d0664b5f307737642d

SHA1
761cca5bc44891e8b72fdb517043d9ba19c2830f

SHA256
2a92a9e559bc0113484ebc2ac33a26638f2b72dadc18d5229ffbe83cef0b3d46

SHA512
dcc49b074830f2df67e792cc97a3319a75d9f89205a747684a84421d39d28f9a73bb286c8d66fb91a03f44773b6354d1f2665432130066382c67e9930d9bffed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5c5d3cb2a7230e5b206c7450ce35f0d

SHA1
915d4dc160b5acebb2219126cfdaf4e746c8c273

SHA256
b24a334b96472aa27b5fe1609e7fa82cf61585cdd7f3a9610e8fd2515efaa44e

SHA512
0b1a5d07ab9c597d3cdb06a62669e2b9672ff1482cbc4d715f6b43f3c44d9633f84444f560beb67d402670c81b28712f67df58a581d9c701657f555f9fb9a8b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9955b6e92a1eabbbfc563303207bf014

SHA1
bcb4cd614dc1fdbac9ab6e517afb62805702e709

SHA256
ba49c835b43a9c18b4f4222370657985a33b551182cb76fab5d8fb99b900ed4b

SHA512
80364198170deb0cea8c1d727ec60766c7181fdc8d1bb023e5902ad75d2b51cb1e38e1b5808babe3cce0dee12172ca2a347cc797424fe8fbd91af2df6b380387

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6effcd861ea2f89e756d0bc47c6db0d3

SHA1
0acbe7877de8b150d6893bccd517149fd8da36dc

SHA256
71c112dcf1043bb08f2cf06250bc2a551819f1c63bff084ab6814def1e29412c

SHA512
4756e21a983b34f964e561ee850c0a9b27c93de417df3dc040d76f64edafc42900f58e8326614ee8ed9fa59be8d8df7842b21d90e4473c6e30c7b0b003f8331d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe327b0788c66ea01e09baab5c8dd549

SHA1
bfa1b00b355eca48ae067c73b37833d2940600d0

SHA256
fe4ab1b40667a8e34106de3b2457f307680c664f821ea27b566a28b475387de9

SHA512
483c1b9c67008e816f6cd3f451d84eee8c5656ca3e71e7e750d0a98c9708ca99655187050712f4dcf2ea81272cd160ad5077ccd6bf299d8cf89dde284f2d3d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6C4D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6C9E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2656-9-0x00000000007E0000-0x00000000008CD000-memory.dmp

Filesize
948KB

Download
memory/2656-16-0x00000000008B1000-0x00000000008B2000-memory.dmp

Filesize
4KB

Download
memory/2656-447-0x0000000002FB0000-0x0000000002FB1000-memory.dmp

Filesize
4KB

Download
memory/2656-446-0x00000000007E0000-0x00000000008CD000-memory.dmp

Filesize
948KB

Download
memory/2656-15-0x00000000001B0000-0x00000000001E0000-memory.dmp

Filesize
192KB

Download
memory/2656-14-0x00000000007E0000-0x00000000008CD000-memory.dmp

Filesize
948KB

Download
memory/2656-0-0x00000000007E0000-0x00000000008CD000-memory.dmp

Filesize
948KB

Download
memory/2656-8-0x00000000007E0000-0x00000000008CD000-memory.dmp

Filesize
948KB

Download
memory/2656-5-0x00000000007E0000-0x00000000008CD000-memory.dmp

Filesize
948KB

Download
memory/2656-6-0x00000000007E0000-0x00000000008CD000-memory.dmp

Filesize
948KB

Download
memory/2656-7-0x00000000007E0000-0x00000000008CD000-memory.dmp

Filesize
948KB

Download
memory/2656-4-0x00000000007E0000-0x00000000008CD000-memory.dmp

Filesize
948KB

Download
memory/2656-1-0x00000000007E0000-0x00000000008CD000-memory.dmp

Filesize
948KB

Download
memory/2656-2-0x00000000001B0000-0x00000000001E0000-memory.dmp

Filesize
192KB

Download
memory/2656-3-0x00000000008B1000-0x00000000008B2000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads